- Community Home
- >
- Networking
- >
- IMC
- >
- RADIUS Failover options?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-18-2014 12:00 PM
12-18-2014 12:00 PM
RADIUS Failover options?
Looking through the docs I see mention of server failover option, but not much on how to set up.
Would really like some way for clients to authenticate in case of RADIUS failure. Whats the best way to set this up?
Duplicate the whole IMC server, which is implied & supported by license and list as second radius server?
What about the DB? One copy seems like the way it should work. Keep it on 1st imc server or move it to separate server?
Does UAM care or does it just need to see LDAP server(s)
tia
Neil
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-23-2014 12:41 PM
12-23-2014 12:41 PM
Re: RADIUS Failover options?
I think that you can configure IMC in a distributed architecture and implement 2 UAM machine like slaves, thus in the authentication device (access switch, wireless controller, etc) you can configure the primary and the secondary radius authentication like the 2 IP of both UAM.
About the Database HA, I think the better solution is implement a cluster.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-24-2014 04:24 PM - edited 12-24-2014 04:27 PM
12-24-2014 04:24 PM - edited 12-24-2014 04:27 PM
Re: RADIUS Failover options?
How to set it up is the question
Or maybe I just use ms npa rules to cover as much as I can
Thx
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-12-2015 09:38 AM
01-12-2015 09:38 AM
Re: RADIUS Failover options?
Setting up the VLAN tagged attirbutes was making the MS NPS solution complicated.
since I already had PCM doing the same job, I made that the backup radius. Already getting my users from AD, and my existing MAC address via the OUI function.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-28-2015 03:02 PM
02-28-2015 03:02 PM
Re: RADIUS Failover options?
I decided to try the stateless backup option using a second IMC installation. I learned that cloning the VM was not an option so built up a new install and activated backup licenses on it. Confirmed that my LDAP and UAM users would authenticate so that problem solved.
Deployment of secondary RADIUS information to access swtiches is easy - just deploy them as access devices on backup server and it adds the configs to the switches. Some other issues from stateless backups - make sure snmp access is configured for secondary server or else a bunch of errors are generated. Also my NTA probe has decided to send all its data to the backup. only local admin account came across for IMC access.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-16-2015 01:47 PM
03-16-2015 01:47 PM
Re: RADIUS Failover options?
More issues with the standby IMC server.
NTA: after I brought up the second server, the NTA probe, implemented on vmware using the IMC_vMon_7.1_E0301.ova template, the probe started sending all its data to the backup server instead. And it only displays on the backup server. The main server shows no traffic accumulating. I tried shutting down the backup, and it sent traffic to the main, but no display.
The interface and VLAN traffic from the switch goes to main server.
I have had issues before with the probe before displaying second interface traffic.
Server config is not changeable and is set to the localhost address, otherwise I'd set to point to main. Not the end of the world - I can log in and review there.
Backup for authentication: For PC's running 802.1 wired, works fine, probably even for wireless as well, didn't test. However for iPhones using windows creds to log in, the user must accept the self signed certificate from the IMC radius server.
The certificate is different for the backup system because the host name is different, so user must "forget" the network and reconnect again with credentials. This is a bit annoying, but in a failover situation, at least acceptable.
Any thoughts on these issues?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-25-2015 09:35 AM
11-25-2015 09:35 AM
Re: RADIUS Failover options?
This feature is being improved with 7.2
7..1 implementation is rather difficult/manual steps etc.